ClawHub

Student Flights

Security checks across malware telemetry and agentic risk

Overview

The skill’s flight-search purpose is coherent, but it asks agents to install an unpinned global travel CLI and keep hidden local logs of raw travel queries.

Review before installing. Use this skill only if you are comfortable sharing travel search details with flyai/Fliggy. Ask the agent to show commands before running them, avoid `sudo npm i -g`, prefer a pinned or user-local install, and delete or disable `.flyai-execution-log.json` if you do not want raw travel queries retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The runbook explicitly instructs the agent to log `user_query` as raw input in an internal execution log. In a travel-booking context, user queries can contain names, destinations, dates, visa details, budgets, and other sensitive travel information, so capturing and retaining raw input creates unnecessary privacy and data-retention risk even if the feature is intended for debugging or observability.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The runbook directs the skill to append execution logs to `.flyai-execution-log.json` when filesystem writes are available, creating local persistence of potentially sensitive request data. Because the same runbook also includes raw `user_query` logging and there is no user-facing warning or retention policy, this increases the chance of unintended disclosure through local access, backups, shared environments, or later exfiltration.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal